The CyberWire Daily Briefing 03.08.16
Today's issue includes events affecting Australia, Brazil, China, Iran, Iraq, Democratic People's Republic of Korea, Republic of Korea, New Zealand, Russia, Syria, Turkey, United Kingdom, United States, and Venezuela.
San Francisco: the latest from RSA
RSA wrapup: Private sector feels burned by feds (Fedscoop) Criticism of the feds’ efforts to force Apple to hack its own encryption dominated chatter at last week’s RSA Conference but seems to be the tip of an iceberg of discontent: The private sector is running out of patience with the U.S. government’s poor understanding and bungled efforts in cybersecurity. Every panel that featured a government representative — even one not affiliated …
Live from RSA – Endpoint security is dead, long live endpoint security (Naked Security) Here’s the latest episode of our award-winning security podcast – enjoy!
RSA 2016 – Highlighting Articles and Talks from this Year’s Conference (IT Pro) Last week the annual RSA Conference for 2016 was held in San Francisco and as always it presented experts and leaders in the fields of security, cryptography and privacy
My reflections after visiting RSA Conference 2016 (Help Net Security) RSA Conference has long been the place where security vendors announce new products and services, and industry trends are made. I was told by Centrify
Surprising tips from a super-hacker (CSO Online) Virtually everyone in technology knows about Kevin Mitnick, the one-time fugitive hacker who is now a security consultant. Mitnick has a wealth of security advice for the public.
Prevoty Recognized for Innovation in Application Security at RSA 2016 (BusinessWire) Prevoty, Inc., a leader in runtime application security visibility and protection, continues to show impressive momentum demonstrated by growing indus
Cyber Attacks, Threats, and Vulnerabilities
South Korea Accuses North of Hacking Senior Officials’ Phones (NYTimes) Seoul’s spy agency says that Pyongyang has stolen text messages, contact information and voice conversations, possibly in retaliation for new sanctions.
Sophisticated banking malware targets Android users (The Christian Science Monitor) Researchers have discovered malicious software targeting online banking customers that use Android smartphones and tablets, the latest indication of a surge in attacks against the platform.
OS X ransomware found bundled with legitimate software (Help Net Security) Palo Alto researchers have discovered the first fully functional ransomware aimed at Mac users. The malware, dubbed KeRanger, has been found on Friday
KeRanger: First Mac OS X ransomware emerges (Symantec Security Response) Compromised BitTorrent installer used to spread ransomware that encrypts files on Mac OS X computers.
The malware that upset Apple's cart (International Business Times, India Edition) With the OSX ransomware KeRanger making Mac users nervous, here's a brief history of malware that has infected Apple computers.
The OS X ransomware likely infected less than 7,000 systems (Mashable) That's not too bad...if one of those infected systems isn't yours.
Ransomware arrives on the Mac: OSX/KeRanger-A – what you need to know (Naked Security) It’s happened: there’s now ransomware for the Mac, and it’s called “OSX/KeRanger-A”.
Apple’s Mac computer's hit with ransomware, here is how to get rid of it (TechWorm) How to Remove KeRanger Ransomware from Your Mac. Since yesterday, Apple Mac users have been hit by a first ever fully functional ransomware called
Burrp compromised to serve Angler EK and deliver TeslaCrypt ransomware (Symantec Security Response) An Indian restaurant recommendation site contains injected code which redirects users to the Angler EK, which in turn drops TeslaCrypt (Trojan.Cryptolocker.N) on the computer.
The Nuts & Bolts of Ransomware in 2016 (TitanHQ) What you need to know about ransomware. What is a ransomware attack? How do the latest Ransomware attacks of CryptoWall, CryptoLocker, Popcorn Time, WannaCry and Not Petya operate?
Brazilian Coders Are Pioneering Cross-OS Malware Using JAR Files (softpedia) Currently only a malware dropper, but Kaspersky expects to see fully working banking trojans in the near future
RSAC16: Microsoft’s Windows PowerShell fully weaponised, security expert warns (ComputerWeekly.com) Security expert Ed Skoudis says the PowerShell Empire open-source security tool is as much use to attackers as it is to defenders.
Popular WordPress plugin opens backdoor, steals user credentials (Help Net Security) If you are one of the 10,000+ users of the Custom Content Type Manager (CCTM) WordPress plugin, consider your site to be compromised and proceed to clean
Beware spear phishers trying to hijack your website (WeLiveSecurity) If you fail to take proper care, it would be all too easy to type your password into an eNom phishing site and hand control of your website over to an online criminal gang.
Hack a mobile phone's fingerprint sensor in 15 minutes (Help Net Security) Two researchers from Michigan State University's biometrics group have devised a method for hacking mobile phone's fingerprint authentication by using
Is it REALLY this simple to bypass the iPhone and iPad lockscreen? (Graham Cluley) Researchers claim multiple iOS 9 vulnerabilities allow attackers to bypass Apple device's built-in passcode security - but some are skeptical
Abuse runs rampant on new generic top level domains (CSO Online) Generic top-level domains (TLDs) that have sprung up in recent years have become a magnet for cybercriminals, to the point where some of them host more malicious domains than legitimate ones.
How one man could have broken into any Facebook account (Naked Security) Do you let security slip behind on your test servers because, hey, they’re not the real thing? That just happened to Facebook…
Report: Thousands of contractor emails found on Dark Web (FierceGovernmentIT) A recent study from ID Agent found thousands of federal contractor emails located on the Dark Web, demonstrating a security fault line that in some cases covered over a third of a contractor's email accounts
Password sharing habits prioritize convenience over security (Help Net Security) A new survey by LastPass on the password sharing habits of UK consumers reveals they favour convenience over security when it comes to sharing passwords.
Cyber attack on cancer chain affects 2.2 million (Health Data Management) FBI believes information was accessed from 21st Century Oncology’s database.
Clark County water district hit with cyber-attack (LASVEGASNOW) The Clark County Water Reclamation District has been hit with a cyber-attack but officials say operations haven't been disrupted and no customer or employee information was hacked.
Someone is Rickrolling people using fake parking tickets (Naked Security) Citizens of Asheville, NC have been afflicted with the 1980s.
Recovering from a Cyber-Attack (Consortiumnews) From Editor Robert Parry: Last week, we were told by IT experts that Consortiumnews was the apparent victim of a sophisticated “denial of service” attack that destroyed the site's functionality by imposing so many commands on the system that it blocked us from updating content or restoring the site
Security Patches, Mitigations, and Software Updates
Google Fixes Critical Mediaserver Bug, Again (Threatpost) Google has patched two critical Android vulnerabilities in Mediaserver that allowed remote execution of code.
Security Advisories-CVE-2016-2774: An attacker who is allowed to connect to DHCP inter-server communications and control channels can exhaust server resources (ISC Knowledge Base) In many cases, the ISC DHCP server does not effectively limit the number of simultaneous open TCP connections to the ports the server uses for inter-process communications and control. Because of this, a malicious party could interfere with server operation by opening (and never closing) a large number of TCP connections to the server
How new encryption standard could leave poor Web users exposed (The Christian Science Monitor) Even though an online encryption standard adopted Jan. 1 is meant to make the Web safer, Mozilla and Symantec opted to make an exception to the protocol so that people whose devices can't support the upgrade aren't put at risk.
More Organizations to Deploy Encryption for Cyber Risks, Privacy Compliance, and Cloud (Legaltech News) More global organizations are adopting encryption citing major security and compliance concerns
Brace for Breaches: Report Finds Cyberthreats to Legal Industry to Grow in 2016 (Legaltech News) The surge in ransomware and spear phishing attacks in 2015 will continue this year with a focus on the legal industry's sensitive data according to a report by TruShield
Inadvertent Disclosure is Legal Organizations' Most Feared Cloud App Risk: Survey (Legaltech News) The Consilio survey found many do not have a firm handle on 'shadow IT' which can cause inadvertent disclosure.
Kaspersky: A “Golden Age of Cybersecurity” is on the Horizon (Channel Futures) We may be living in the "Dark Ages of Cybersecurity," but Eugene Kaspersky believes a golden age is inevitable.
Getting your CEO fired (CSO Online) We will explore the issues of reputational damage, incident cost, stock price impact, and increased regulatory attention. We will also discuss the fate of four CEOs who have faced cybersecurity breaches in the past three years.
Meet The Cyber-Industrial Complex: Private Contractors May Get $7B Windfall From Pentagon's Cyberwar On ISIS (International Business Times) When military personnel press the red button, they could be launching malicious software against enemies of the U.S. built by familiar names.
Pentagon releases RFP for ENCORE III IT services contracts (FierceGovernmentIT) The Pentagon posted a final request for proposals last week for its ENCORE III project focused on guiding IT processes throughout the department into the future. The $17.5 billion contract will provide defense agencies with IT capabilities over the next five years
Australian cyber security firms merge in $40m deal (Financial Review) Privately owned Australian cyber security company Secure Logic has acquired fellow local firm Computer Room Solutions in a deal understood to be worth just under $40 million.
IBM a Leader Again in the 2018 Magic Quadrant for Identity Governance and Administration (IGA) (Security Intelligence) IBM was recently named a Leader, again, in Gartner's 2018 Magic Quadrant for Identity Governance and Administration (IGA).
Understanding Resilient Systems: IBM’s Latest Acquisition in the Security Space (Market Realist) IBM’s burgeoning acquisition portfolio
The Truth Behind IBM’s X-Force Incident Response Services (Market Realist) IBM’s X-Force Incident Response Services
Cisco Security Exec: Vendors Like Palo Alto, FireEye Are Selling 'Legacy Technology' (CRN) Cisco plans to transform the security marketplace with a holistic approach, saying competitors can no longer effectively compete with the networking leader.
Cyphort Takes Home Excellence Award for Best Enterprise Security Solution at SC Awards 2016 (BusinessWire) Cyphort wins SC Magazine Excellence Award for Best Enterprise Security Solution at SC Awards 2016, and also recognized on CRN’s Security 100 List.
iovation Service Named Best Multi-Factor Authentication Solution (Marketwire) iovation, the provider of device intelligence for authentication and fraud prevention, has received the "Editor's Choice for Multi-Factor Authentication Solutions" in Cyber Defense Magazine's 2016 InfoSec Awards. A panel of independent information security experts selected iovation's Customer Authentication service, which verifies a user's...
Spies Sans Frontières? (IRIN) A months-long investigation by IRIN into the secretive intelligence-linked firm Palantir reveals a bargain-basement contract with a sensitive UN agency.
Partners call on Cisco for more security marketing (Channelnomics) Solution providers discuss today's security landscape
CFIUS Report Highlights Cybersecurity Scrutiny of Tech Companies (Legaltech News) Chinese acquirers lead in CFIUS submissions while U.S. gov focuses on control of overseas U.S. tech companies.
Hacking the Pentagon could earn you some cash (CNET) A pilot program aims to help the US Defense Department beef up its networks by finding any vulnerabilities that could be exploited.
Microsoft inaugurates a new Cybersecurity Center in Korea (TWCN Tech News) Microsoft launched a Cybersecurity center in Korea. It will serve as a hub for sharing and collaborating on security technology.
CrowdStrike Expands International Presence to Meet Growing Customer Demand (BusinessWire) CrowdStrike Inc., the leader in cloud-delivered next-generation endpoint protection, threat intelligence and response services, today announced the la
Maryland: A National Hub for Cybersecurity (LinkedIn) Cyber firms in the MD-DC market are expected to raise more than $1 billion in venture funding this year. In 2015, Maryland firms made headlines with
Products, Services, and Solutions
RSA 2016: Misconceptions and Myths Surrounding Threat Data and Threat Intelligence (Cyveillance) Last week was the annual RSA security conference in San Francisco, CA – one of the industry’s largest IT security events
Fortinet unveils its Cyber Threat Assessment Program (ARN) Cyber-security solutions company, Fortinet, has launched the free of charge Cyber Threat Assessment Program (CTAP).
BorgBackup: Deduplication with compression and authenticated encryption (Help Net Security) BorgBackup is a deduplicating backup program that supports compression and authenticated encryption. The main goal of BorgBackup is to provide an
Kaspersky expands enterprise offerings, adds partner services to security lineup (Channelnomics) Vendor announces new offerings at annual partner summit
Next-Generation Malware Analysis Sandbox Now Available (Business Solutions) ThreatAnalyzer 6.0 provides advanced discovery and response for malware that evades detection
Here are the best Antivirus programs that you should have in your system (TechWorm) According to AV-Comparatives, here are the two best overall computer antivirus programs that should be running in your system
Technologies, Techniques, and Standards
What is Data Isolation & Why Does it Matter? (Information Security Buzz) Nearly one million new malware threats were released every day in 2014, with no signs of slowing down, according to Symantec’s Internet Security Threat Report. Malware, worms and other viruses can spread through a company’s network like wildfire. Getting your system and network back up and running only scratches the surface of expenses. Malware can …
Cybersecurity: What Elected and Appointed Officials Need to Know (Government Technology) A new survey notes that while data breach incidents continue to soar, 80 percent of government officials and their staff don't know if their state has a cyber emergency incident plan in place.
5 Ways to Fix the Biggest Cybersecurity Issues Law Firms Face (Legaltech News) How do you protect your law firm from a seemingly indefensible threat?
Companies Need to Remember Regulatory, Legal Requirements When Addressing IoT (Legaltech News) The AT&T report reminds companies that regulatory and legal requirements should remain an Internet of Things concern.
The Stupidly Simple Spy Messages No Computer Could Decode (The Daily Beast) Every day, hour after hour, the world’s spies send top secret information you can easily listen in on.
Design and Innovation
The US Air Force now has two fully operational cyberspace weapon systems (ZDNet) New system aims to track and engage advanced persistent threats.
Linked to bullying and even murder, can anonymous apps like Kik ever be safe? (the Guardian) Questions over whether the benefits of anonymous apps - such as giving children a space to explore sensitive issues - can outweigh the risks they pose
How MIT & Cambridge University Students Pooled Their Brainpower for Cybersecurity (BostInno) Last year, President Barack Obama and British Prime Minister David Cameron announced that MIT and Cambridge University in the U.K. would be joining forces for the good of global cybersecurity
Legislation, Policy, and Regulation
GCHQ admits £1bn spend on cyber security 'hasn't worked' (Computing) We've spent quite a lot of money, but still failed, admits CESG director Dewdney
The long road ahead: Obama’s cybersecurity action is a step toward change (TechCrunch) President Obama’s recent announcement of the creation of the Cybersecurity National Action Plan (CNAP) made waves across government and tech audiences, as it proposed a $19 billion budget to bulk up cybersecurity across the U.S. government and the private sector. While the announcement seemed abrup…
Reminder: You Should Care About Mass Surveillance, Even if You’ve Done Nothing Wrong (Just Security) This post is the latest installment of our “Monday Reflections” feature, in which a different Just Security editor examines the big stories
Former NSA Director: An Apple Encryption Backdoor Would Endanger National Security (Fusion) Michael Hayden, former NSA and CIA director, said the FBI’s request could lead to exploitation by foreign powers.
Remarks of Assistant Secretary Strickling at ICANN/GAC High Level Governmental Meeting (National Telecommunications and Information Administration) I am pleased to be here today at the third GAC High Level Governmental Meeting. I would like to thank the government of Morocco for the invitation and Minister Elalamy for the hospitality and generosity he has shown all of us
FTC reports big jump in identity theft; may bring heavy regulation on data security (C4ISR & Networks) The Defense Department recently issued a military-wide cybersecurity discipline implementation plan, a document that aims to hold leaders accountable for cybersecurity up and down the chain of command and report progress and setbacks
FAA Working on New Guidelines for Hack-Proof Planes (Nextgov.com) Researchers have been invited to build upon an FAA-developed framework for testing a plane’s susceptibility to hacks.
HHS seeks industry pros to join healthcare cybersecurity task force (Healthcare IT News) Nominations period open for one more week as the federal agency looks to tackle concerns over a string of high-profile breaches.
St. Louis Offers Free Land for Spy Agency Site (CBS St. Louis) A federal spy agency is weighing offers of free land on both the Missouri and Illinois sides of the St. Louis area as it considers where to relocate its national headquarters.
Litigation, Investigation, and Law Enforcement
Apple vs FBI: San Bernardino DA Michael Ramos admits 'dormant cyber pathogen' remark was nonsense (International Business Times UK) Security industry and social media users both slammed the 'fearmongering' remarks online.
Clinton, on her private server, wrote 104 emails the government says are classified (Washington Post) She wasn’t the only one who sent sensitive information over non-secure systems, review finds.
Clinton defends classified material during Fox town hall (Washington Examiner) Hillary Clinton defended her use of a private e-mail server when pressed on her knowledge of the issue during her first appearance on Fox News in the past two years.
Were Hillary Clinton’s Emails Classified? Where You Stand Depends on Where You Sit (War on the Rocks) The debate about former Secretary of State Hillary Clinton’s private email server is generating a great deal of heat, but not much light. Let’s start off
FCC cracks down on Verizon Wireless for using ‘supercookies’ (Washington Post) The latest sign that the FCC is getting serious about privacy.
Venezuela enters round two of fight against “cyber-terrorism” U.S. website (Miami Herald) Venezuela’s Central Bank is taking a second stab at a popular website that it’s accusing in U.S. courts of sabotaging the economy and undermining the government.
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, Apr 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share their experiences and insights not only in preventing and detecting breaches but in selling and funding their programs to senior management and demonstrating business value.
International Academic Business Conference (New Orleans, Louisiana, USA, Mar 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are welcome to make presentations and/or to only attend sessions. The Clute Institute also seeks manuscripts for possible publication in our recently launched Journal of Cybersecurity Research
CISO Chicago Summit (Chicago, Illinois, USA, Mar 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Navigating Summit 2016 (Canberra, Australia, Mar 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy and cyber-security are the cornerstones of this strategy. The Summit will examine the implications of privacy and security in a ubiquitously connected, data driven world. Key areas of focus will include digital identity, open data and data sharing, the implications of technologies such as cloud computing, data analytics and the Internet of Things and perceived tensions between privacy and security and innovation.
CISO Atlanta Summit (Atlanta, Georgia, USA, Mar 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, Mar 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.
Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, Mar 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents to businesses. The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Industrial Base Contractors, Airport / Aviation Security, large and small businesses
ICCWS 2016 (Boston, Massachusetts, USA, Mar 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises taking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise
cybergamut Tech Tuesday: Providing Consistent Security Across Virtual and Physical Workloads (Elkridge, MD, Calverton, Mar 22, 2016) Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information for attackers. It is commonly accepted that protection of data center workloads is important, but in many cases security takes a back seat to data center performance. What is needed is a security solution that does not increase latency and is operationally feasible.
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in its seventh year, it provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders